Enterprise Full Disk Encryption

[gbugbear at gmail.com (Bugbear)]

We use PGP WDE

Pros are:

Central Management and Policy Control
AD integration if desired (password policy control)
One time tokens that can be used for end user when they forget their
passphrase when theyt are offsite
Server is Linux and is fully supported in ESX environment

Cons:

Not Inexpensive
Tracks users by username not computer - so users that use multiple encrypted
systems can be an issue. (they are working on this for next version). Not
really an issue as a limitation / annoyance. Remove a computer whose user is
on another computer and it leaves a ghost computer in the console unless you
rejoin all the computers that user uses to Universal Server. You dont have -
other systems are fine but like I said more of annoyance than anything.

Just another take on it

Tim Mugherini



On Tue, Nov 4, 2008 at 5:10 PM, Raffi Jamgotchian
<raffi at flossyourmind.com>wrote:

> And open to potential compromise
>
> ----
> Raffi
>
> On Nov 4, 2008, at 4:07 PM, xgermx <xgermx at gmail.com> wrote:
>
> > If we did end up using TrueCrypt, users would be assigned static
> > passwords (which the IT staff would have stored in and encrypted
> > file). That would at least eliminate people forgetting their password.
> >
> > 2008/11/4 Tim Krabec <tkrabec at gmail.com>:
> > > Securitycatalyst.org/forums has a few topics on it.  I know several
> > > of the
> > > people there have implemented or are implementing FDE on several
> > > (50+)
> > > machines
> > > here is one of the threads
> > > http://www.securitycatalyst.org/forums/index.php?topic=193.0 (you
> > > need to be
> > > logged in)
> > >
> > > On Tue, Nov 4, 2008 at 10:39 AM, xgermx <xgermx at gmail.com> wrote:
> > > > I'm getting bids from HP and Dell on laptops (about 100). Does
> > > > anyone
> > > > have experience with their respective full disk encryption
> > > > solutions?
> > > > The reps I've talked too (from both companies) can't really give me
> > > > the technical information that I want, and the information on both
> > > > websites is outdated (2007).
> > > > I've also considered going with TrueCrypt (I have the most
> > > > experience
> > > > with this and it's free, but there's not a good way to centrally
> > > > manage it).
> > > > Your thoughts?
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > >
> > >
> > >
> > > --
> > > Tim Krabec
> > > Kracomp
> > > 772-597-2349
> > > smbminute.com
> > > kracomp.blogspot.com
> > > www.kracomp.com
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081104/f0826ae5/attachment.htm